Work authors can *always* see the work refs BT#6418 and option should be added to enable/disabled this feature.

12 years ago · fe018b5afe
parent 1271a98db4
commit fe018b5afe
3 changed files with 85 additions and 34 deletions
--- a/main/work/download.php
+++ b/main/work/download.php
@ -37,8 +37,8 @@ if (empty($course_info)) {
 $tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);

 if (!empty($course_info['real_id'])) {
-	$sql = 'SELECT * FROM '.$tbl_student_publication.' WHERE c_id = '.$course_info['real_id'].' AND id = "'.$id.'"';
-	$result = Database::query($sql);
+    $sql = 'SELECT * FROM '.$tbl_student_publication.' WHERE c_id = '.$course_info['real_id'].' AND id = "'.$id.'"';
+    $result = Database::query($sql);
    if ($result && Database::num_rows($result)) {
        $row = Database::fetch_array($result, 'ASSOC');
        $full_file_name = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/'.$row['url'];
@ -76,20 +76,22 @@ if (!empty($course_info['real_id'])) {

        $work_is_visible = ($item_info['visibility'] == 1 && $row['accepted'] == 1);
        $doc_visible_for_all = ($course_info['show_score'] == 1);
-        $is_editor = api_is_allowed_to_edit(true,true,true);
-        $student_is_owner_of_work = ($row['user_id'] == api_get_user_id());

-	    if ($is_editor
-	        || (!$doc_visible_for_all && $work_is_visible && $student_is_owner_of_work)
-	        || ($doc_visible_for_all && $work_is_visible)) {
-		    $title = str_replace(' ', '_', $row['title']);
+        $is_editor = api_is_allowed_to_edit(true, true, true);
+        $student_is_owner_of_work = user_is_author($row['id'], $row['user_id']);
+
+        if ($is_editor
+            //|| (!$doc_visible_for_all && $work_is_visible && $student_is_owner_of_work)
+            || ($student_is_owner_of_work)
+            || ($doc_visible_for_all && $work_is_visible)) {
+            $title = str_replace(' ', '_', $row['title']);
            event_download($title);
-		    if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH).api_get_course_path().'/')) {
-		        DocumentManager::file_send_for_download($full_file_name, true, $title);
-		    }
-	    } else {
+            if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH).api_get_course_path().'/')) {
+                DocumentManager::file_send_for_download($full_file_name, true, $title);
+            }
+        } else {
            api_not_allowed();
        }
-	}
+    }
 }
 exit;
--- a/main/work/view.php
+++ b/main/work/view.php
@ -28,10 +28,12 @@ if (user_is_author($id) || $course_info['show_score'] == 0 && $work['active'] ==
    } else {
        $url_dir = 'work_list.php?id='.$my_folder_data['id'];
    }
-    $interbreadcrumb[] = array ('url' => $url_dir, 'name' =>  $my_folder_data['title']);
-    $interbreadcrumb[] = array ('url' => '#','name' =>  $work['title']);
-
-    if (($course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) || api_is_allowed_to_edit() || ($work['user_id'] == api_get_user_id() && $work['active'] == 1 && $work['accepted'] == 1)) {
+    $interbreadcrumb[] = array('url' => $url_dir, 'name' =>  $my_folder_data['title']);
+    $interbreadcrumb[] = array('url' => '#','name' =>  $work['title']);
+    if (
+        ($course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) ||
+        api_is_allowed_to_edit() ||
+        (user_is_author($id))) {
        $tpl = new Template();
        $tpl->assign('work', $work);
        $template = $tpl->get_template('work/view.tpl');
--- a/main/work/work.lib.php
+++ b/main/work/work.lib.php
@ -1682,12 +1682,11 @@ function get_work_user_list($start, $limit, $column, $direction, $work_id, $wher
        if ($is_allowed_to_edit) {
            $extra_conditions .= ' AND work.active IN (0, 1) ';
        } else {
-            $extra_conditions .= ' AND work.active IN (1) ';

            if (isset($course_info['show_score']) &&  $course_info['show_score'] == 1) {
-                $extra_conditions .= " AND u.user_id = ".api_get_user_id()." ";
+                $extra_conditions .= " AND (u.user_id = ".api_get_user_id()." AND work.active IN (0, 1) OR work.active = 1) ";
            } else {
-                $extra_conditions .= '';
+                $extra_conditions .= ' AND work.active = 1 ';
            }
        }

@ -1716,10 +1715,9 @@ function get_work_user_list($start, $limit, $column, $direction, $work_id, $wher
        $works = array();

        while ($work = Database::fetch_array($result, 'ASSOC')) {
-           //var_dump($work);
            $item_id = $work['id'];

-            //Get the author ID for that document from the item_property table
+            // Get the author ID for that document from the item_property table
 			$is_author  = false;
            $can_read   = false;

@ -1734,7 +1732,7 @@ function get_work_user_list($start, $limit, $column, $direction, $work_id, $wher
 				$is_author = true;
 			}

-            if ($course_info['show_score'] == 0 ) {
+            if ($course_info['show_score'] == 0) {
                $can_read = true;
            }

@ -1761,11 +1759,16 @@ function get_work_user_list($start, $limit, $column, $direction, $work_id, $wher

            $add_string = '';
            $time_expires = api_strtotime($work_assignment['expires_on'], 'UTC');
+
            if (!empty($work_assignment['expires_on']) && $work_assignment['expires_on'] != '0000-00-00 00:00:00' && $time_expires && ($time_expires < api_strtotime($work['sent_date'], 'UTC'))) {
-                $add_string = Display::label(get_lang('Expired'),'important');
+                $add_string = Display::label(get_lang('Expired'), 'important');
            }

-            if (($can_read && $work['accepted'] == '1') || ($is_author && $work['accepted'] == '1') || $is_allowed_to_edit) {
+            if (
+                ($can_read && $work['accepted'] == '1') ||
+                ($is_author && in_array($work['accepted'], array('1','0'))) ||
+                $is_allowed_to_edit
+            ) {

                // Firstname, lastname, username
                $work['firstname'] = Display::div($work['firstname'], array('class' => $class));
@ -1991,12 +1994,19 @@ function draw_date_picker($prefix, $default = '') {
 	return $date_form;
 }

-function get_date_from_select($prefix) {
+function get_date_from_select($prefix)
+{
 	return $_POST[$prefix.'_year'].'-'.two_digits($_POST[$prefix.'_month']).'-'.two_digits($_POST[$prefix.'_day']).' '.two_digits($_POST[$prefix.'_hour']).':'.two_digits($_POST[$prefix.'_minute']).':00';
 }

-/* Check if a user is the author of the item */
-function user_is_author($item_id, $user_id = null) {
+/**
+ * Check if a user is the author of the item
+ * @param int $item_id
+ * @param int  $user_id
+ * @return bool
+ */
+function user_is_author($item_id, $user_id = null)
+{
    if (empty($item_id)) {
        return false;
    }
@ -2022,7 +2032,6 @@ function user_is_author($item_id, $user_id = null) {
    return $is_author;
 }

-
 /**
 * Get list of users who have not given the task
 * @param int
@ -2143,7 +2152,11 @@ function display_list_users_without_publication($task_id, $studentId = null)
 }

 // Document to work
-
+/**
+ * @param int $documentId
+ * @param int $workId
+ * @param int $courseId
+ */
 function addDocumentToWork($documentId, $workId, $courseId)
 {
    $table = Database::get_course_table(TABLE_STUDENT_PUBLICATION_REL_DOCUMENT);
@ -2155,6 +2168,12 @@ function addDocumentToWork($documentId, $workId, $courseId)
    Database::insert($table, $params);
 }

+/**
+ * @param int $documentId
+ * @param int $workId
+ * @param int $courseId
+ * @return array
+ */
 function getDocumentToWork($documentId, $workId, $courseId)
 {
    $table = Database::get_course_table(TABLE_STUDENT_PUBLICATION_REL_DOCUMENT);
@ -2164,6 +2183,11 @@ function getDocumentToWork($documentId, $workId, $courseId)
    return Database::select('*', $table, array('where' => $params));
 }

+/**
+ * @param int $workId
+ * @param int $courseId
+ * @return array
+ */
 function getAllDocumentToWork($workId, $courseId)
 {
    if (ADD_DOCUMENT_TO_WORK == false) {
@ -2176,7 +2200,11 @@ function getAllDocumentToWork($workId, $courseId)
    return Database::select('*', $table, array('where' => $params));
 }

-
+/**
+ * @param int $documentId
+ * @param int $workId
+ * @param int $courseId
+ */
 function deleteDocumentToWork($documentId, $workId, $courseId)
 {
    $table = Database::get_course_table(TABLE_STUDENT_PUBLICATION_REL_DOCUMENT);
@ -2186,9 +2214,11 @@ function deleteDocumentToWork($documentId, $workId, $courseId)
    Database::delete($table, $params);
 }

-// User to work
-
-
+/**
+ * @param int $userId
+ * @param int $workId
+ * @param int $courseId
+ */
 function addUserToWork($userId, $workId, $courseId)
 {
    $table = Database::get_course_table(TABLE_STUDENT_PUBLICATION_REL_USER);
@ -2200,6 +2230,12 @@ function addUserToWork($userId, $workId, $courseId)
    Database::insert($table, $params);
 }

+/**
+ * @param int $userId
+ * @param int $workId
+ * @param int $courseId
+ * @return array
+ */
 function getUserToWork($userId, $workId, $courseId)
 {
    $table = Database::get_course_table(TABLE_STUDENT_PUBLICATION_REL_USER);
@ -2258,6 +2294,12 @@ function userIsSubscribedToWork($userId, $workId, $courseId)
    return false;
 }

+/**
+ * @param int $userId
+ * @param int $workId
+ * @param int $courseId
+ * @return bool
+ */
 function allowOnlySubscribedUser($userId, $workId, $courseId)
 {
    if (ADD_DOCUMENT_TO_WORK == false) {
@ -2272,6 +2314,11 @@ function allowOnlySubscribedUser($userId, $workId, $courseId)

 }

+/**
+ * @param int $workId
+ * @param array $courseInfo
+ * @return array
+ */
 function getDocumentTemplateFromWork($workId, $courseInfo)
 {
    $documents = getAllDocumentToWork($workId, $courseInfo['real_id']);